feat: Add SCIM and SAML2 security integrations to sdk

pkg/acceptance/helpers/role_client.go

@@ -103,7 +103,7 @@ func (c *RoleClient) GrantRoleToCurrentRole(t *testing.T, id sdk.AccountObjectId
 	require.NoError(t, err)
 
 	err = c.client().Grant(ctx, sdk.NewGrantRoleRequest(id, sdk.GrantRole{
-		Role: sdk.Pointer(sdk.NewAccountObjectIdentifier(currentRole)),
+		Role: sdk.Pointer(currentRole),
 	}))
 	require.NoError(t, err)
 }

pkg/acceptance/helpers/security_integration_client.go

@@ -27,7 +27,7 @@ func (c *SecurityIntegrationClient) client() sdk.SecurityIntegrations {
 
 func (c *SecurityIntegrationClient) CreateSaml2(t *testing.T, id sdk.AccountObjectIdentifier) (*sdk.SecurityIntegration, func()) {
 	t.Helper()
-	return c.CreateSaml2WithRequest(t, sdk.NewCreateSaml2SecurityIntegrationRequest(id, false, c.ids.RandomSchemaObjectIdentifier().Name(), "https://example.com", "Custom", random.GenerateX509(t)))
+	return c.CreateSaml2WithRequest(t, sdk.NewCreateSaml2SecurityIntegrationRequest(id, false, c.ids.Alpha(), "https://example.com", "Custom", random.GenerateX509(t)))
 }
 
 func (c *SecurityIntegrationClient) CreateSaml2WithRequest(t *testing.T, request *sdk.CreateSaml2SecurityIntegrationRequest) (*sdk.SecurityIntegration, func()) {

pkg/acceptance/helpers/test_client.go

@@ -21,6 +21,7 @@ type TestClient struct {
 	FailoverGroup       *FailoverGroupClient
 	FileFormat          *FileFormatClient
 	MaskingPolicy       *MaskingPolicyClient
+	MaterializedView    *MaterializedViewClient
 	NetworkPolicy       *NetworkPolicyClient
 	Parameter           *ParameterClient
 	PasswordPolicy      *PasswordPolicyClient
@@ -67,6 +68,7 @@ func NewTestClient(c *sdk.Client, database string, schema string, warehouse stri
 		FailoverGroup:       NewFailoverGroupClient(context, idsGenerator),
 		FileFormat:          NewFileFormatClient(context, idsGenerator),
 		MaskingPolicy:       NewMaskingPolicyClient(context, idsGenerator),
+		MaterializedView:    NewMaterializedViewClient(context, idsGenerator),
 		NetworkPolicy:       NewNetworkPolicyClient(context, idsGenerator),
 		Parameter:           NewParameterClient(context),
 		PasswordPolicy:      NewPasswordPolicyClient(context, idsGenerator),

pkg/internal/snowflakeroles/snowflake_predefined_roles.go

@@ -3,6 +3,7 @@ package snowflakeroles
 import "github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk"
 
 var (
-	Orgadmin     = sdk.NewAccountObjectIdentifier("ORGADMIN")
-	Accountadmin = sdk.NewAccountObjectIdentifier("ACCOUNTADMIN")
+	Orgadmin               = sdk.NewAccountObjectIdentifier("ORGADMIN")
+	Accountadmin           = sdk.NewAccountObjectIdentifier("ACCOUNTADMIN")
+	GenericScimProvisioner = sdk.NewAccountObjectIdentifier("GENERIC_SCIM_PROVISIONER")
 )

pkg/sdk/parameters.go

@@ -64,6 +64,12 @@ func (parameters *parameters) SetAccountParameter(ctx context.Context, parameter
 			return fmt.Errorf("CLIENT_ENCRYPTION_KEY_SIZE session parameter is an integer, got %v", value)
 		}
 		opts.Set.Parameters.AccountParameters.ClientEncryptionKeySize = Pointer(v)
+	case AccountParameterEnableIdentifierFirstLogin:
+		b, err := parseBooleanParameter(string(parameter), value)
+		if err != nil {
+			return err
+		}
+		opts.Set.Parameters.AccountParameters.EnableIdentifierFirstLogin = b
 	case AccountParameterEnableInternalStagesPrivatelink:
 		b, err := parseBooleanParameter(string(parameter), value)
 		if err != nil {
@@ -328,6 +334,7 @@ const (
 	AccountParameterAllowClientMFACaching                            AccountParameter = "ALLOW_CLIENT_MFA_CACHING"
 	AccountParameterAllowIDToken                                     AccountParameter = "ALLOW_ID_TOKEN" // #nosec G101
 	AccountParameterClientEncryptionKeySize                          AccountParameter = "CLIENT_ENCRYPTION_KEY_SIZE"
+	AccountParameterEnableIdentifierFirstLogin                       AccountParameter = "ENABLE_IDENTIFIER_FIRST_LOGIN"
 	AccountParameterEnableInternalStagesPrivatelink                  AccountParameter = "ENABLE_INTERNAL_STAGES_PRIVATELINK"
 	AccountParameterEnableTriSecretAndRekeyOptOutForImageRepository  AccountParameter = "ENABLE_TRI_SECRET_AND_REKEY_OPT_OUT_FOR_IMAGE_REPOSITORY"   // #nosec G101
 	AccountParameterEnableTriSecretAndRekeyOptOutForSpcsBlockStorage AccountParameter = "ENABLE_TRI_SECRET_AND_REKEY_OPT_OUT_FOR_SPCS_BLOCK_STORAGE" // #nosec G101
@@ -524,6 +531,7 @@ type AccountParameters struct {
 	AllowClientMFACaching                            *bool    `ddl:"parameter" sql:"ALLOW_CLIENT_MFA_CACHING"`
 	AllowIDToken                                     *bool    `ddl:"parameter" sql:"ALLOW_ID_TOKEN"`
 	ClientEncryptionKeySize                          *int     `ddl:"parameter" sql:"CLIENT_ENCRYPTION_KEY_SIZE"`
+	EnableIdentifierFirstLogin                       *bool    `ddl:"parameter" sql:"ENABLE_IDENTIFIER_FIRST_LOGIN"`
 	EnableInternalStagesPrivatelink                  *bool    `ddl:"parameter" sql:"ENABLE_INTERNAL_STAGES_PRIVATELINK"`
 	EnableUnredactedQuerySyntaxError                 *bool    `ddl:"parameter" sql:"ENABLE_UNREDACTED_QUERY_SYNTAX_ERROR"`
 	EnableTriSecretAndRekeyOptOutForImageRepository  *bool    `ddl:"parameter" sql:"ENABLE_TRI_SECRET_AND_REKEY_OPT_OUT_FOR_IMAGE_REPOSITORY"`
@@ -567,6 +575,7 @@ type AccountParametersUnset struct {
 	AllowClientMFACaching                            *bool `ddl:"keyword" sql:"ALLOW_CLIENT_MFA_CACHING"`
 	AllowIDToken                                     *bool `ddl:"keyword" sql:"ALLOW_ID_TOKEN"`
 	ClientEncryptionKeySize                          *bool `ddl:"keyword" sql:"CLIENT_ENCRYPTION_KEY_SIZE"`
+	EnableIdentifierFirstLogin                       *bool `ddl:"keyword" sql:"ENABLE_IDENTIFIER_FIRST_LOGIN"`
 	EnableInternalStagesPrivatelink                  *bool `ddl:"keyword" sql:"ENABLE_INTERNAL_STAGES_PRIVATELINK"`
 	EnableTriSecretAndRekeyOptOutForImageRepository  *bool `ddl:"keyword" sql:"ENABLE_TRI_SECRET_AND_REKEY_OPT_OUT_FOR_IMAGE_REPOSITORY"`
 	EnableTriSecretAndRekeyOptOutForSpcsBlockStorage *bool `ddl:"keyword" sql:"ENABLE_TRI_SECRET_AND_REKEY_OPT_OUT_FOR_SPCS_BLOCK_STORAGE"`

pkg/sdk/testint/security_integrations_gen_integration_test.go

@@ -5,6 +5,7 @@ import (
 	"testing"
 
 	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/acceptance/helpers/random"
+	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/internal/snowflakeroles"
 	"github.com/Snowflake-Labs/terraform-provider-snowflake/pkg/sdk"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
@@ -14,8 +15,12 @@ func TestInt_SecurityIntegrations(t *testing.T) {
 	client := testClient(t)
 	ctx := testContext(t)
 
+	// TODO: move URL to helpers
 	acsURL := fmt.Sprintf("https://%s.snowflakecomputing.com/fed/login", testClientHelper().Context.CurrentAccount(t))
 	issuerURL := fmt.Sprintf("https://%s.snowflakecomputing.com", testClientHelper().Context.CurrentAccount(t))
+	cert := random.GenerateX509(t)
+	revertParameter := testClientHelper().Parameter.UpdateAccountParameterTemporarily(t, sdk.AccountParameterEnableIdentifierFirstLogin, "true")
+	t.Cleanup(revertParameter)
 
 	cleanupSecurityIntegration := func(t *testing.T, id sdk.AccountObjectIdentifier) {
 		t.Helper()
@@ -24,24 +29,25 @@ func TestInt_SecurityIntegrations(t *testing.T) {
 			assert.NoError(t, err)
 		})
 	}
-	cert := random.GenerateX509(t)
-	createSAML2Integration := func(t *testing.T, siID sdk.AccountObjectIdentifier, issuer string, with func(*sdk.CreateSaml2SecurityIntegrationRequest)) {
+	createSAML2Integration := func(t *testing.T, siID sdk.AccountObjectIdentifier, issuer string, with func(*sdk.CreateSaml2SecurityIntegrationRequest)) *sdk.SecurityIntegration {
 		t.Helper()
-		_, err := client.ExecForTests(ctx, "ALTER ACCOUNT SET ENABLE_IDENTIFIER_FIRST_LOGIN = true")
-		require.NoError(t, err)
 
 		saml2Req := sdk.NewCreateSaml2SecurityIntegrationRequest(siID, false, issuer, "https://example.com", "Custom", cert)
 		if with != nil {
 			with(saml2Req)
 		}
-		err = client.SecurityIntegrations.CreateSaml2(ctx, saml2Req)
+		err := client.SecurityIntegrations.CreateSaml2(ctx, saml2Req)
 		require.NoError(t, err)
 		cleanupSecurityIntegration(t, siID)
+		integration, err := client.SecurityIntegrations.ShowByID(ctx, siID)
+		require.NoError(t, err)
+
+		return integration
 	}
 
 	createSCIMIntegration := func(t *testing.T, siID sdk.AccountObjectIdentifier, with func(*sdk.CreateScimSecurityIntegrationRequest)) *sdk.SecurityIntegration {
 		t.Helper()
-		role, roleCleanup := testClientHelper().Role.CreateRoleWithRequest(t, sdk.NewCreateRoleRequest(sdk.NewAccountObjectIdentifier("GENERIC_SCIM_PROVISIONER")).WithOrReplace(true))
+		role, roleCleanup := testClientHelper().Role.CreateRoleWithRequest(t, sdk.NewCreateRoleRequest(snowflakeroles.GenericScimProvisioner).WithOrReplace(true))
 		t.Cleanup(roleCleanup)
 		testClientHelper().Role.GrantRoleToCurrentRole(t, role.ID())
 
@@ -408,7 +414,21 @@ func TestInt_SecurityIntegrations(t *testing.T) {
 		assertSecurityIntegration(t, si, id, "SCIM - GENERIC", false, "")
 	})
 
-	t.Run("Show", func(t *testing.T) {
+	t.Run("Show SAML2", func(t *testing.T) {
+		id := testClientHelper().Ids.RandomAccountObjectIdentifier()
+		si1 := createSAML2Integration(t, id, testClientHelper().Ids.Alpha(), nil)
+		id2 := testClientHelper().Ids.RandomAccountObjectIdentifier()
+		si2 := createSAML2Integration(t, id2, testClientHelper().Ids.Alpha(), nil)
+
+		returnedIntegrations, err := client.SecurityIntegrations.Show(ctx, sdk.NewShowSecurityIntegrationRequest().WithLike(&sdk.Like{
+			Pattern: sdk.Pointer(id.Name()),
+		}))
+		require.NoError(t, err)
+		assert.Contains(t, returnedIntegrations, *si1)
+		assert.NotContains(t, returnedIntegrations, *si2)
+	})
+
+	t.Run("Show SCIM", func(t *testing.T) {
 		id := testClientHelper().Ids.RandomAccountObjectIdentifier()
 		si1 := createSCIMIntegration(t, id, nil)
 		id2 := testClientHelper().Ids.RandomAccountObjectIdentifier()